001: /*
002: * Copyright 2001-2007 Geert Bevin <gbevin[remove] at uwyn dot com>
003: * Distributed under the terms of either:
004: * - the common development and distribution license (CDDL), v1.0; or
005: * - the GNU Lesser General Public License, v2.1 or later
006: * $Id: TestMixedAuthenticated.java 3634 2007-01-08 21:42:24Z gbevin $
007: */
008: package com.uwyn.rife.authentication.elements;
009:
010: import com.meterware.httpunit.GetMethodWebRequest;
011: import com.meterware.httpunit.WebConversation;
012: import com.meterware.httpunit.WebForm;
013: import com.meterware.httpunit.WebRequest;
014: import com.meterware.httpunit.WebResponse;
015: import com.uwyn.rife.authentication.credentialsmanagers.DatabaseUsers;
016: import com.uwyn.rife.authentication.credentialsmanagers.DatabaseUsersFactory;
017: import com.uwyn.rife.authentication.credentialsmanagers.RoleUserAttributes;
018: import com.uwyn.rife.authentication.exceptions.CredentialsManagerException;
019: import com.uwyn.rife.database.Datasource;
020: import com.uwyn.rife.database.Datasources;
021: import com.uwyn.rife.tools.ExceptionUtils;
022: import com.uwyn.rife.tools.StringEncryptor;
023:
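/**
 * Functional tests for the {@code authentication/mixed/*} elements of the
 * site declared in {@code site/authentication_database.xml}.
 *
 * <p>Every test drives {@code http://localhost:8181} through HttpUnit. The
 * assertions read the outcome from the returned page: a response without a
 * form is taken as "authenticated", a response that still carries one form
 * is taken as "rejected, login form shown again". Where a test needs the
 * authentication id, it reads it from the page title.
 *
 * <p>The accounts, roles and passwords used here are fixtures that
 * {@link #setUp()} creates and {@link #tearDown()} removes.
 *
 * <p>NOTE(review): the authentication id is replayed as an {@code authid}
 * parameter of a GET request. Identifiers carried in the URL typically end
 * up in access logs and Referer headers, so confirm how the elements are
 * configured to transport the id outside of this test setup.
 */
public class TestMixedAuthenticated extends TestsuiteDatabaseAuthenticated {
    /** Common prefix of every element URL exercised by this class. */
    private static final String MIXED_URL_PREFIX = "http://localhost:8181/authentication/mixed/";

    /** Datasource that holds the user and role tables for the fixtures. */
    private final Datasource mDatasource;

    /**
     * Creates the test case and looks up the datasource it will populate.
     *
     * @param datasourceName name of the datasource in the participant repository
     * @param siteType       site type, passed through to the parent test suite
     * @param name           test name, passed through to the parent test suite
     */
    public TestMixedAuthenticated(String datasourceName, int siteType, String name) {
        super(datasourceName, siteType, name);

        mDatasource = Datasources.getRepInstance().getDatasource(datasourceName);
    }

    /**
     * Installs the credentials structure and creates the fixture accounts.
     *
     * <p>{@code guest}, {@code gbevin} and {@code johndoe} are added while no
     * password encryptor is set; {@code guestencrypted} and
     * {@code gbevinencrypted} are added while {@link StringEncryptor#SHA} is
     * set. If anything fails, the structure is removed again and the test
     * fails with the stack trace as its message.
     *
     * @throws Exception if the parent set-up fails
     */
    public void setUp() throws Exception {
        super.setUp();

        DatabaseUsers users = DatabaseUsersFactory.getInstance(mDatasource);
        try {
            users.install();

            users.addRole("admin");
            users.addRole("maint");

            // Stored with no password encryptor configured.
            users.addUser("guest", new RoleUserAttributes(43, "guestpass"));
            users.addUser("gbevin",
                    new RoleUserAttributes(432, "yeolpass", new String[] {"admin", "maint"}));
            users.addUser("johndoe",
                    new RoleUserAttributes(174, "thepassofbass", new String[] {"maint"}));

            // NOTE(review): StringEncryptor.SHA is presumably a plain SHA digest of the
            // password; confirm in StringEncryptor. A bare, unsalted digest is adequate
            // for a fixture, not as a password store.
            users.setPasswordEncryptor(StringEncryptor.SHA);
            try {
                users.addUser("guestencrypted", new RoleUserAttributes(44, "guestpass"));
                users.addUser("gbevinencrypted",
                        new RoleUserAttributes(433, "yeolpass", new String[] {"admin", "maint"}));
            } finally {
                // Reset the encryptor even when adding a user fails, in case the
                // factory hands the same instance to a later caller.
                users.setPasswordEncryptor(null);
            }
        } catch (CredentialsManagerException e) {
            try {
                users.remove();
            } catch (CredentialsManagerException e2) {
                assertTrue(ExceptionUtils.getExceptionStackTrace(e2), false);
            }
            assertTrue(ExceptionUtils.getExceptionStackTrace(e), false);
        }
    }

    /**
     * Removes the credentials structure created by {@link #setUp()}.
     *
     * <p>The parent tear-down runs in a {@code finally} block so that a failure
     * while removing the users cannot skip it.
     *
     * @throws Exception if the parent tear-down fails
     */
    public void tearDown() throws Exception {
        try {
            DatabaseUsers users = DatabaseUsersFactory.getInstance(mDatasource);
            try {
                users.remove();
            } catch (CredentialsManagerException e) {
                assertTrue(ExceptionUtils.getExceptionStackTrace(e), false);
            }
        } finally {
            super.tearDown();
        }
    }

    /**
     * Fetches an element, fills in the first form on the page with the given
     * credentials and submits it.
     *
     * @param conversation HttpUnit conversation shared by the whole test
     * @param element      element name below {@code authentication/mixed/}
     * @param login        value for the {@code login} field
     * @param password     value for the {@code password} field
     * @return the response to the form submission
     * @throws Exception if the request, the page parsing or the submission fails
     */
    private WebResponse submitLogin(WebConversation conversation, String element,
            String login, String password) throws Exception {
        WebRequest request = new GetMethodWebRequest(MIXED_URL_PREFIX + element);
        WebResponse loginPage = conversation.getResponse(request);
        WebForm form = loginPage.getForms()[0];
        form.setParameter("login", login);
        form.setParameter("password", password);
        return form.submit();
    }

    /**
     * Fetches an element while presenting a previously obtained authentication
     * id as the {@code authid} request parameter.
     *
     * @param conversation HttpUnit conversation shared by the whole test
     * @param element      element name below {@code authentication/mixed/}
     * @param authId       authentication id to present
     * @return the response of the element
     * @throws Exception if the request fails
     */
    private WebResponse requestWithAuthId(WebConversation conversation, String element,
            String authId) throws Exception {
        WebRequest request = new GetMethodWebRequest(MIXED_URL_PREFIX + element);
        request.setParameter("authid", authId);
        return conversation.getResponse(request);
    }

    /**
     * Valid fixture credentials are accepted by {@code basic}; an unknown
     * login is sent back to the form.
     */
    public void testMixedAuthenticatedBasic() throws Exception {
        setupSite("site/authentication_database.xml");

        WebConversation conversation = new WebConversation();
        WebResponse response;

        response = submitLogin(conversation, "basic", "guest", "guestpass");
        assertEquals(0, response.getForms().length);

        response = submitLogin(conversation, "basic", "gbevin", "yeolpass");
        assertEquals(0, response.getForms().length);

        response = submitLogin(conversation, "basic", "invalid", "invalid");
        assertEquals(1, response.getForms().length);
    }

    /**
     * {@code encrypted} accepts the accounts stored while the SHA encryptor
     * was set and rejects the accounts stored without it, even though the
     * submitted passwords are the ones given at creation time.
     */
    public void testMixedAuthenticatedEncrypted() throws Exception {
        setupSite("site/authentication_database.xml");

        WebConversation conversation = new WebConversation();
        WebResponse response;

        response = submitLogin(conversation, "encrypted", "guestencrypted", "guestpass");
        assertEquals(0, response.getForms().length);

        response = submitLogin(conversation, "encrypted", "gbevinencrypted", "yeolpass");
        assertEquals(0, response.getForms().length);

        // Accounts stored without an encryptor must not pass here.
        response = submitLogin(conversation, "encrypted", "guest", "guestpass");
        assertEquals(1, response.getForms().length);

        response = submitLogin(conversation, "encrypted", "gbevin", "yeolpass");
        assertEquals(1, response.getForms().length);

        response = submitLogin(conversation, "encrypted", "invalid", "invalid");
        assertEquals(1, response.getForms().length);
    }

    /**
     * An authentication id obtained at {@code basic} is honoured by
     * {@code basic} but not by {@code otherid}, and the other way round.
     */
    public void testMixedAuthenticatedOtherid() throws Exception {
        setupSite("site/authentication_database.xml");

        WebConversation conversation = new WebConversation();
        WebResponse response;
        String authId;

        // Log in at "basic" and replay the id there.
        response = submitLogin(conversation, "basic", "guest", "guestpass");
        assertEquals(0, response.getForms().length);
        authId = response.getTitle();

        response = requestWithAuthId(conversation, "basic", authId);
        assertEquals(0, response.getForms().length);
        assertEquals(authId, response.getTitle());

        // The same id must not open "otherid".
        response = requestWithAuthId(conversation, "otherid", authId);
        assertEquals(1, response.getForms().length);
        assertTrue(!authId.equals(response.getTitle()));

        // Log in at "otherid" and replay the new id there.
        response = submitLogin(conversation, "otherid", "guest", "guestpass");
        assertEquals(0, response.getForms().length);
        authId = response.getTitle();

        response = requestWithAuthId(conversation, "otherid", authId);
        assertEquals(0, response.getForms().length);
        assertEquals(authId, response.getTitle());

        // The "otherid" id must not open "basic".
        response = requestWithAuthId(conversation, "basic", authId);
        assertEquals(1, response.getForms().length);
        assertTrue(!authId.equals(response.getTitle()));
    }

    /**
     * Role checks at login time: {@code guest} (no roles) and {@code johndoe}
     * (maint only) are rejected by {@code role}; {@code gbevin} (admin, maint)
     * passes both {@code role} and {@code role2}; {@code johndoe} passes
     * {@code role2}. Presumably {@code role} requires admin and {@code role2}
     * requires maint; confirm against the site declaration.
     */
    public void testMixedAuthenticatedRole() throws Exception {
        setupSite("site/authentication_database.xml");

        WebConversation conversation = new WebConversation();
        WebResponse response;

        response = submitLogin(conversation, "role", "guest", "guestpass");
        assertEquals(1, response.getForms().length);

        response = submitLogin(conversation, "role", "gbevin", "yeolpass");
        assertEquals(0, response.getForms().length);

        response = submitLogin(conversation, "role2", "gbevin", "yeolpass");
        assertEquals(0, response.getForms().length);

        response = submitLogin(conversation, "role", "johndoe", "thepassofbass");
        assertEquals(1, response.getForms().length);

        response = submitLogin(conversation, "role2", "johndoe", "thepassofbass");
        assertEquals(0, response.getForms().length);

        response = submitLogin(conversation, "role", "invalid", "invalid");
        assertEquals(1, response.getForms().length);
    }

    /**
     * Role checks on a replayed authentication id: the id of {@code gbevin} is
     * honoured by {@code role} and {@code role2}; the id {@code johndoe}
     * obtained at {@code role2} is honoured there but sends him back to the
     * form at {@code role}.
     */
    public void testMixedAuthenticatedRoleIsolation() throws Exception {
        setupSite("site/authentication_database.xml");

        WebConversation conversation = new WebConversation();
        WebResponse response;
        String authId;

        response = submitLogin(conversation, "role", "gbevin", "yeolpass");
        assertEquals(0, response.getForms().length);
        authId = response.getTitle();

        response = requestWithAuthId(conversation, "role", authId);
        assertEquals(authId, response.getTitle());

        response = requestWithAuthId(conversation, "role2", authId);
        assertEquals(authId, response.getTitle());

        response = submitLogin(conversation, "role2", "johndoe", "thepassofbass");
        assertEquals(0, response.getForms().length);
        authId = response.getTitle();

        response = requestWithAuthId(conversation, "role2", authId);
        assertEquals(authId, response.getTitle());

        // An id that belongs to a user lacking the role must not open "role".
        response = requestWithAuthId(conversation, "role", authId);
        assertEquals(1, response.getForms().length);
    }

    /**
     * An authentication id is honoured right after login and is no longer
     * honoured after a two second pause. Presumably the
     * {@code sessionduration} element is declared with a session lifetime
     * shorter than that; confirm against the site declaration.
     */
    public void testMixedAuthenticatedSessionduration() throws Exception {
        setupSite("site/authentication_database.xml");

        WebConversation conversation = new WebConversation();
        WebResponse response;
        String authId;

        response = submitLogin(conversation, "sessionduration", "guest", "guestpass");
        assertEquals(0, response.getForms().length);
        authId = response.getTitle();

        response = requestWithAuthId(conversation, "sessionduration", authId);
        assertEquals(0, response.getForms().length);
        assertEquals(authId, response.getTitle());

        // Wait long enough for the session to lapse.
        try {
            Thread.sleep(2000);
        } catch (InterruptedException e) {
            assertTrue(ExceptionUtils.getExceptionStackTrace(e), false);
        }

        // The expired id must lead back to the login form.
        response = requestWithAuthId(conversation, "sessionduration", authId);
        assertEquals(1, response.getForms().length);
    }
}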